ConnectWise BCDR and R1Soft Server Backup Manager Critical Security Release

Products: Recover
Severity: Critical
Priority: 1 - High


CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component.


Critical – Vulnerabilities that could allow the ability to execute remote code or directly access confidential data.


1 – Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.  

Affected versions 

ConnectWise Recover: Recover v2.9.7 and earlier versions are impacted.

R1Soft: SBM v6.16.3 and earlier versions are impacted.


ConnectWise Recover:

Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover (v2.9.9).


Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki.

Please refer to the release notes for more information. 

Additional information